2
votes

So, I have been reading about RSA encryption where the public key is used to encrypt while the private key is used to decrypt. And for RSA signature, the private key performs an encryption operation to produce a signature and the public key performs a decryption operation on the signature to verify it.

It seems to me that encryption/decryption operations are just transforming data into another form so I guess it is also possible to generate a signature by performing a DECRYPTION operation using the private key and the sender verifies the signature by performing an ENCRYPTION operation using the public key.

So in summary:
RSA encryption -> Public Key Encrypts, Private Key Decrypts
RSA signing -> Private Key Encrypts, Public Key Decrypts

My question is whether this works too:
RSA signing -> Private Key performs a DECRYPTION operation on the hash of the message to produce a signature, Public Key performs an ENCRYPTION operation to verify the signature

1
I'm voting to close this question as off-topic because it is not a programming question, but is about the operation of RSA. - matt

There are no “encryption” or “decryption” operations with a given key. There is just “the RSA operation”, using either the private key or the public key (and modulus). OpenSSL has RSA_private_encrypt and similar functions, but they are dealing with things like padding and algorithm identifiers; the underlying mathematical function is the same. - matt

1 Answer

2
votes

the RSA operation is just x^exp mod N where exp is either the public or private exponent ... when it is the public exponent (e) it is called encryption, when it is the private exponent (d) it is called decryption

this works because x^(e*d) mod N = x ... this works because of the special relationship between e and d but is not the main topic here ... read up on RSA keypair generation if you need to know more

for just a very rudimentary way of looking at an RSA signature, the signature part just switches e and d, making sign use d and verify use e ... this leads to the seemingly simple idea of saying ... signing is just encrypting with the private key ...

please read the next line very carefully:

whatever you read somewhere on the net ... SIGN and ENCRYPT are NOT THE SAME

yes, calculating an RSA signature involves the RSA operation above ... and it involves d ... but what changes is the other input ... x ... it is NOT the message you want to sign ... it is the padding result as matt pointed out earlier (which is something like PADD(HASH(MESSAGE)) with PADD and HASH being functions that can be chosen)

"signing is encrypting with the private exponent" only barely holds for the mathematical part of it, for the crypto-theory part ... this way of looking at it is usually frowned upon ... for all practical implementations there is a lot of other stuff around it, that makes sign and encrypt two totally different functions ... and for the theory part, it is not precise enough